Toward Monitoring, Assessing, and Confining Mobile Applications in Modern Mobile Platforms

January 2015

abstract: Smartphones are pervasive nowadays. They are supported by mobile platforms that allow users to download and run feature-rich mobile applications (apps). While mobile apps help users conveniently process personal data on mobile devices, they also pose security and privacy threats and put user's data at risk. Even though modern mobile platforms such as Android have integrated security mechanisms to protect users, most mechanisms do not easily adapt to user's security requirements and rapidly evolving threats. They either fail to provide sufficient intelligence for a user to make informed security decisions, or require great sophistication to configure the mechanisms for enforcing security decisions. These limitations lead to a situation where users are disadvantageous against emerging malware on modern mobile platforms. To remedy this situation, I propose automated and systematic approaches to address three security management tasks: monitoring, assessment, and confinement of mobile apps. In particular, monitoring apps helps a user observe and record apps' runtime behaviors as controlled under security mechanisms. Automated assessment distills intelligence from the observed behaviors and the security configurations of security mechanisms. The distilled intelligence further fuels enhanced confinement mechanisms that flexibly and accurately shape apps' behaviors. To demonstrate the feasibility of my approaches, I design and implement a suite of proof-of-concept prototypes that support the three tasks respectively. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2015

Computer science

access control

Android

security

Anonymity Protection and Access Control in Mobile Network Environment

January 2016

abstract: Wireless communication technologies have been playing an important role in modern society. Due to its inherent mobility property, wireless networks are more vulnerable to passive attacks than traditional wired networks. Anonymity, as an important issue in mobile network environment, serves as the first topic that leads to all the research work presented in this manuscript. Specifically, anonymity issue in Mobile Ad hoc Networks (MANETs) is discussed with details as the first section of research. To thoroughly study on this topic, the presented work approaches it from an attacker's perspective. Under a perfect scenario, all the traffic in a targeted MANET exhibits the communication relations to a passive attacker. However, localization errors pose a significant influence on the accuracy of the derived communication patterns. To handle such issue, a new scheme is proposed to generate super nodes, which represent the activities of user groups in the target MANET. This scheme also helps reduce the scale of monitoring work by grouping users based on their behaviors. The first part of work on anonymity in MANET leads to the thought on its major cause. The link-based communication pattern is a key contributor to the success of the traffic analysis attack. A natural way to circumvent such issue is to use link-less approaches. Information Centric Networking (ICN) is a typical instance of such kind. Its communication pattern is able to overcome the anonymity issue with MANET. However, it also comes with its own shortcomings. One of them is access control enforcement. To tackle this issue, a new naming scheme for contents transmitted in ICN networks is presented. This scheme is based on a new Attribute-Based Encryption (ABE) algorithm. It enforces access control in ICN with minimum requirements on additional network components. Following the research work on ABE, an important function, delegation, exhibits a potential security issue. In traditional ABE schemes, Ciphertext-Policy ABE (CP-ABE), a user is able to generate a subset of authentic attribute key components for other users using delegation function. This capability is not monitored or controlled by the trusted third party (TTP) in the cryptosystem. A direct threat caused from this issue is that any user may intentionally or unintentionally lower the standards for attribute assignments. Unauthorized users/attackers may be able to obtain their desired attributes through a delegation party instead of directly from the TTP. As the third part of work presented in this manuscript, a three-level delegation restriction architecture is proposed. Furthermore, a delegation restriction scheme following this architecture is also presented. This scheme allows the TTP to have full control on the delegation function of all its direct users. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2016

Computer science

Access Control

Anonymity

Mobile Network

Automated secure systems development methodology

Booysen, Hester Aletta Susanna

20 November 2014

D.Com. (Informatics) / The complexity of modern computer-based information systems is such that, for all but the simplest of examples, they cannot be produced without a considerable amount of prior planning and preparation. The actual difficulties of trying to design, develop and implement complex computer-based systems have been recognised as early as the seventies. In a bid to deal with what was then referred to as the "software crisis", a number of so- called "methodologies" were advocated. Those methodologies were, in turn, based on a collection of guidelines or methods thanks to which their designers could eventually make the claim that computer systems, and in particular information systems, could be designed and developed with a greater degree of success. By using a clear set of rules, or at least reasonably detailed principles, they could ensure that the various design and development tasks be performed in a methodical, organ ised fashion. Irrespective of the methodologies or guidelines that were adopted or laid down, the developers principal aim was to ensure that all relevant detail about the proposed information systems would be taken into account during the long and often drawn-out design and development process. Unfortunately, many of those methodologies and guidelines date from the early 1970s and, as a result, no longer meet the security requirements and guidelines of today's information systems. It was never attempted under any of those methodolog ies, however, to unriddle the difficulties they had come up against in information security in the domain of system development . Security concerns should however, form an integral part of the planning, development and maintenance of a computer application. Each application system should for example, take the necessary security measures in any given situation.

Computers - Access control

Computer security

Data protection

A critical review of the IFIP TC11 Security Conference Series

Gaadingwe, Tshepo Gaadingwe

January 2007

Over the past few decades the field of computing has grown and evolved. In this time, information security research has experienced the same type of growth. The increase in importance and interest in information security research is reflected by the sheer number of research efforts being produced by different type of organizations around the world. One such organization is the International Federation for Information Processing (IFIP), more specifically the IFIP Technical Committee 11 (IFIP TC11). The IFIP TC11 community has had a rich history in producing high quality information security specific articles for over 20 years now. Therefore, IFIP TC11 found it necessary to reflect on this history, mainly to try and discover where it came from and where it may be going. Its 20th anniversary of its main conference presented an opportunity to begin such a study of its history. The core belief driving the study being that the future can only be realized and appreciated if the past is well understood. The main area of interest was to find out topics which may have had prevalence in the past or could be considered as "hot" topics. To achieve this, the author developed a systematic process for the study. The underpinning element being the creation of a classification scheme which was used to aid the analysis of the IFIP TC11 20 year's worth of articles. Major themes were identified and trends in the series highlighted. Further discussion and reflection on these trends were given. It was found that, not surprisingly, the series covered a wide variety of topics in the 20 years. However, it was discovered that there has been a notable move towards technically focused papers. Furthermore, topics such as business continuity had just about disappeared in the series while topics which are related to networking and cryptography continue to gain more prevalence.

Database security

Data protection

Computers -- Access control

CBiX a model for content-based billing in XML environments

De Villiers, Peter

January 2003

The new global economy is based on knowledge and information. Further- more, the Internet is facilitating new forms of revenue generation of which one recognized potential source is content delivery over the Internet. One aspect that is critical to ensuring a content-based revenue stream is billing. While there are a number of content-based billing systems commercially available, as far as can be determined these products are not based on a common model that can ensure interoperability and communication between the billing sys- tems. This dissertation addresses the need for a content-based billing model by developing the CBiX (Content-based Billing in XML Environments) model. This model, developed in a phased approach as a family of billing models, incorporates three aspects. The rst aspect is access control. The second as- pect is pricing, in the form of document, element and inherited element level pricing for content. The third aspect is XML as the platform for information exchange. The nature of the Internet facilitates information interchange, exible web business models and exible pricing. These facts, coupled with CBiX being concerned with billing for content over the Internet, leads to a number of decisions regarding the model: The CBiX model has to incorporate exible pricing. Therefore pricing is evolved through the development of the family of models from doc- ument level pricing to element level pricing to inherited element level pricing. The CBiX model has to be based on a platform for information inter- change that enables content delivery. XML provides a broad family of standards that is widely supported and creating the next generation Internet. XML is therefore selected as the environment for information exchange for CBiX. The CBiX model requires a form of access control that can provide access to content based on user properties. Credential-based Access Control is therefore selected as the method of access control for CBiX, whereby authorization is granted based on a set of user credentials. Furthermore, this dissertation reports on the development of a prototype. This serves a dual purpose: rstly, to assist the author in understanding the technologies and principles involved; secondly, to illustrate CBiX0 and therefore present a proof-of-concept of at least the base model. The CBiX model provides a base to guide and assist developers with regards to the issues involved with developing a billing system for XML- based environments.

XML (Document Markup Language)

Access control

Pricing

ETDs and Best Practices in Canada

Stuart, Nancy

09 1900

Conferencia realizado del 12 al 14 de setiembre en Lima, Peru del 2012 en el marco del 15º Simposio Internacional de Tesis y Disertaciones Electrónicas (ETD 2012). Evento aupiciado por la Universidad Nacional Mayor de San Marcos (UNMSM) y la Universidad Peruana de Ciencias Aplicadas (UPC). / Institutional Repositories (IRs) and ETD programs conducted in December 2011. The purpose of the survey was two-fold. The first was to show the growth of Institutional Repositories (IRs) across Canada. The second was to illustrate the state of the electronic theses and dissertations (ETD) submission programs at Canadian institutions. The survey was a follow up to a 2009 survey and illustrates there has been steady growth in both the number of IRs and ETD programs in Canada. Results of the survey include statistics on the number of IRs, types of materials in the IRs, the type software platform, the number of ETD programs, whether electronic submission is mandatory, if embargoed or restricted theses and dissertations are allowed, the number of institutions having their ETDs harvested by Library and Archives Canada and the number of institutions sending their theses to ProQuest and retaining a microfiche copy. The survey was sent to Canadian institutions where a thesis or dissertation is required for graduation and to Canadian institutions who are members of the Canadian Association for Research Libraries. Responses were received from 33 institutions. Best practices for ETD programs and workflows will also be discussed. Focus areas include the PDF format for multiple and multi-media files, OAI-PMH harvesting, mandatory submission and embargoes. By analyzing the results of the survey, it is clear that Canada is moving forward quickly in the implementation of ETD submission programs. The fact that over 70% of Canadian institutions have their ETDs harvested by Library and Archives Canada puts Canada, and it’s National Library, in a unique position to share its knowledge and expertise in ETD programs and ETD workflows.

Digital Theses

Institutional Repositories

Open Access

ETD2012

ETD initiatives: An audit of international landscape

Tripathi, Manorama

09 1900

Conferencia realizado del 12 al 14 de setiembre en Lima, Peru del 2012 en el marco del 15º Simposio Internacional de Tesis y Disertaciones Electrónicas (ETD 2012). Evento aupiciado por la Universidad Nacional Mayor de San Marcos (UNMSM) y la Universidad Peruana de Ciencias Aplicadas (UPC). / Objectives: At present, libraries, worldwide, are making concerted efforts to facilitate transformation of theses to e- forms. In India, too, ETD activities are going on at an accelerated pace. The country has one of the largest educational systems across the globe. There are 634 universities and 33023 colleges in the country; every year more tan 11000 doctoral theses are awarded to the students. The University Grants Commission, (India) notification, 2009 has mandated submission of e-theses, by the research scholars, to the universities. All universities are required to setup e- theses repository to facilitate e- submission, archiving, maintenance and access to them. The paper focuses on the progress of ETD initiatives taken in India. The data is being collected through questionnaire method and whatever (information) is available in public domain in order to find out the following: 1. Current / Ongoing projects –various universities involved in ETD projects 2. Content/Total collection 3. Coverage of subject areas 4. Objectives of ETD 5. Use of software 6. Metadata schema used 7. Competency of the staff to maintain ETD 8. Policies of the universities with regard to acquisition/acceptance of etheses. 9. Policies of Government/Research Council/University Grants Commission(UGC) The paper elaborates and compares the ETD initiatives taken in UK and Australia with India. Methods: Questionnaire and whatever information is available on websites of the universities.

Digital Theses

Open Access

Digital Repositories

ETD2012

Optimal resource management in wireless access networks

Mohsenian-Rad, Amir-Hamed

11 1900

This thesis presents several simple, robust, and optimal resource management schemes for multihop wireless access networks with the main focus on multi-channel wireless mesh networks (MC WMNs). In this regard, various resource management optimization problems are formulated arid efficient algorithms are proposed to solve each problem. First, we consider the channel as signment problem in MC-WMNs and formulate different resource management problems within the general framework of network utility maximization (NUM). Unlike most of the previously proposed channel assignment schemes, our algorithms can not only assign the orthogonal (i.e., non-overlapped) channels, but also partially overlapped channels. This better utilizes the avail able frequency spectrum as a critical resource in MC-WMNs. Second, we propose two distributed random medium access control (MAC) algorithms to solve a non-convex NUM problem at the MAC layer. The first algorithm is fast, optimal, and robust to message loss and delay. It also only requires a limited message passing among the wireless nodes. Using distributed learning techniques, we then propose another NUM-based MAC algorithm which achieves the optimal performance without frequent message exchange. Third, based on our results on random MAC, we develop a distributed multi-interface multi-channel random access algorithm to solve the NUM problem in MC-WMNs. Different from most of the previous channel assignment schemes in the literature, where channel assignment is intuitively modeled in the form of combinatorial and discrete optimization problems, our scheme is based on formulating a novel continuous optimization model. This makes the analysis and implementation significantly easier. Finally, we consider the problem of pricing and monetary exchange in multi-hop wireless access networks, where each intermediate node receives a payment to compensate for its offered packet forwarding service. In this regard, we propose a market-based wireless access network model with two-fold pricing. It uses relay-pricing to encourage collaboration among the access points. It also uses interference pricing to leverage optimal resource management. In general, this thesis widely benefits from several mathematical techniques as both modeling and solution tools to achieve simple, robust, optimal, and practical resource management strategies for future wireless access networks. / Applied Science, Faculty of / Electrical and Computer Engineering, Department of / Graduate

Wireless access networks

Optimization

Cross layer design

Repositorios sostenibles, reflexiones a partir de la experiencia española

Llueca, Ciro, Reoyo, Sandra

09 1900

Conferencia realizado del 12 al 14 de setiembre en Lima, Peru del 2012 en el marco del 15º Simposio Internacional de Tesis y Disertaciones Electrónicas (ETD 2012). Evento aupiciado por la Universidad Nacional Mayor de San Marcos (UNMSM) y la Universidad Peruana de Ciencias Aplicadas (UPC). / La creación y posterior gestión de un repositorio institucional no tiene sentido si no cuenta con un número significativo de documentos y un crecimiento permanente de la colección, a un coste razonable. A partir del estudio de repositorios institucionales y de colecciones patrimoniales de bibliotecas, archivos y museos de España, los autores comparten sus reflexiones bajo la premisa de producir repositorios sostenibles, promoviendo la autosuficiencia en el incremento de sus fondos, la garantía de la financiación permanente por parte de la institución que los integra y, especialmente, el uso de los documentos depositados en la comunidad a la que sirve la institución. Tras un breve repaso a los procesos de adaptación de la filosofía del Acceso Abierto a los repositorios existentes, se establece una hoja de ruta para el diseño e implementación de un nuevo repositorio, teniendo en cuenta la cobertura estratégica y legal del proyecto, las opciones de hardware y software más populares, así como la planificación de los procesos de trabajo y la adopción de metadatos de descripción e interoperabilidad. Se presentan estrategias de difusión y evaluación de los repositorios. Finalmente, se aportan recomendaciones básicas de preservación digital, a la espera de una solución global.

Repositorios institucionales

Open Access

España

ETD2012

Acquisition techniques for mobile CDMA systems

Ardebilipour, Mehrdad

January 2000

The initial code Acquisition Techniques of Direct Sequence Spread Spectrum Systems for two categories of serial and parallel search strategies is investigated. A simple and economic scheme for coarse code acquisition of Reverse Link for UMTS (FDD-WCDMA) application is presented. The emphasis is on the performance of a new scheme (using a Surface Acoustic Wave Matched Filter) as a term of probability of false detection (pf) in code division multiple access (CDMA) systems. Knowledge of initial code uncertainty phases help to reduce the overhead of preamble on the access channel and a very simple scheme for acquisition to be determined. In the reverse link this uncertainty is due to the cell radius only. Acquisition time required for a simple serial search scheme may therefore be unacceptably large. On the other hand, for parallel acquisition using parallel branches in accordance with the chip uncertainty time region leads to a lot of hardware complexity. Initially, the effect of multiple access interference and spreading sequence length are determined for models applicable to the reverse link of a mobile communications system. Then the acquisition performance is derived using a model of a cellular mobile communication channel, which includes the effects of multiple access interference, adjacent cell interference, frequency selective Rician channel, shadowing, power control error, and vehicle speed. It is shown that the most significant factors in determining the acquisition performance are the acquisition observation interval, the number of users, and the specular to diffuse power ratio. Numerical results based on analysis of acquisition performance in mobile channel show that the proposed acquisition scheme is efficient, robust, fast and suitable for real time low cost implementation.

621.382